Skip to content

add sandbox policy and sandbox name to codex.tool.call metrics#10711

Merged
iceweasel-oai merged 5 commits intomainfrom
dev/iceweasel/tool-call-metrics
Feb 5, 2026
Merged

add sandbox policy and sandbox name to codex.tool.call metrics#10711
iceweasel-oai merged 5 commits intomainfrom
dev/iceweasel/tool-call-metrics

Conversation

@iceweasel-oai
Copy link
Collaborator

@iceweasel-oai iceweasel-oai commented Feb 5, 2026

This will give visibility into the comparative success rate of the Windows sandbox implementations compared to other platforms.

@iceweasel-oai iceweasel-oai requested a review from jif-oai February 5, 2026 05:15
@jif-oai
Copy link
Collaborator

jif-oai commented Feb 5, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a39a204494

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

codex-rs/core/src/tools/registry.rs
Comment on lines +255 to +270
fn sandbox_tag(policy: &SandboxPolicy, windows_sandbox_level: WindowsSandboxLevel) -> &'static str {
if matches!(policy, SandboxPolicy::DangerFullAccess) {
return "none";
}
if matches!(policy, SandboxPolicy::ExternalSandbox { .. }) {
return "external";
}
if cfg!(target_os = "windows") {
if matches!(windows_sandbox_level, WindowsSandboxLevel::Elevated) {
return "windows_elevated";
}
}

get_platform_sandbox(windows_sandbox_level != WindowsSandboxLevel::Disabled)
.map(SandboxType::as_metric_tag)
.unwrap_or("none")
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Tag sandbox metrics from actual attempt, not policy

The new sandbox_tag derives the sandbox metric purely from the turn’s policy and platform, but tool execution can be retried without sandbox after a sandbox denial (see ToolOrchestrator::run, which reruns with SandboxType::None). In those cases the metrics for the successful retry will still be tagged as seccomp/seatbelt/windows_*, so the codex.tool.call success rates won’t reflect the real sandbox used. To keep the metrics accurate (especially for comparing Windows sandbox success rates), the tag should be based on the actual sandbox used in the attempt that produced the result, not just policy-level configuration.

Useful? React with 👍 / 👎.

@iceweasel-oai iceweasel-oai merged commit 901d5b8 into main Feb 5, 2026
36 of 38 checks passed
@iceweasel-oai iceweasel-oai deleted the dev/iceweasel/tool-call-metrics branch February 5, 2026 19:42
@github-actions github-actions bot locked and limited conversation to collaborators Feb 5, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@jif-oai jif-oai jif-oai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iceweasel-oai @jif-oai